On 2024-05-22 03:49, Robin Wood wrote:
I'm trying to work out how to add an extra header to a TLS connection.
I assume that you want to add a header field to an HTTP request or
response that is being transmitted inside a TLS connection between a TLS
client (e.g., a user browser) and an HTTPS origin server.
Do you control the client that originates that TLS connection (or its
OS/environment) or the origin server? If you do not, then what you want
is impossible -- TLS encryption exists, in part, to prevent such traffic
modifications.
If you control the client that originates that TLS connection (or its
OS/environment), then you may be able to, in _some_ cases, add that
header by configuring the client (or its OS/environment) to trust you as
a Certificate Authority, minting your own X509 certificates, and
configuring Squid to perform a "man in the middle" attack on
client-server traffic, using your minted certificates. You can search
for Squid SslBump to get more information about this feature, but the
area is full of insurmountable difficulties and misleading advice. Avoid
it if at all possible!
HTH,
Alex.
I've found information on how to do it on what I think is the pre-3.5
release, but I can't find any useful information on doing it on the
current version.
Could someone give me an example or point me at some documentation on
how to do it.
Thanks
Robin
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
